Emerging Risk: An Integrated Framework for Managing Extreme Events

Kathleen Locklear

Abstract

Today‟s complex, interconnected global environment has created borderless risk that is capable

of rapidly spreading across geographic, societal and organizational boundaries. In this

environment, extreme events compel greater attention due to their potential for generating

expansive and catastrophic harm. One source of extreme events is emerging risk which, as

defined in this paper, is new (novel) risk that has not existed previously. Akin to the “Black

Swan” as proposed by Nassim Taleb, emerging risk falls outside our customary cognitive and

decision making frameworks. This paper begins by exploring cognitive and behavioral theories

which can be applied to explain why emerging risk is often overlooked, downplayed or ignored.

The existing literature is also examined to identify approaches (including systems theory,

scenario planning and anticipatory management) for enhancing our capacity to understand,

identify and handle emerging risk. Finally, this paper proposes an innovative framework for

managing emerging risk within an overall enterprise risk management (ERM) program. The

suggested framework provides a practical approach for meeting the challenges of emerging risk,

including the need for alternatives to traditional quantitative and predictive tools.

Key words: emerging risk; extreme events; trans-boundary risk; enterprise risk

management

Introduction

Globalization has radically altered the playing field of contemporary risk management by

making risk “borderless” and intractably altering the ways in which risk is generated, escalated

and conveyed across geographic, societal and organizational boundaries. Under these

conditions, extreme events compel greater attention due to their potential for generating

expansive and catastrophic harm. Extreme events such as the BP oil spill dramatically illustrate

the challenges of „post-modern‟ risk, which are arguably stretching the capabilities of existing

2

risk management tools and approaches. In response, these conditions call for the development of

new and innovative approaches, such as enterprise risk management.

This paper will focus on emerging risk, which has the potential to evolve into extreme

events. Akin to Taleb‟s „Black Swan‟ (2007), emerging risk exemplifies the extreme outlier

event (low probability, high impact) whose potential is often downplayed or entirely overlooked.

By virtue of its evolving nature, emerging risk is opaque, falling outside customary cognitive and

perceptual frameworks.

The concept of emerging risk is introduced, defined and discussed in the first section of

this paper. The second section of this paper presents and a literature review which draws from

existing scholarly works in order to synthesize an understanding of how emerging risk arises and

incubates, often unnoticed or downplayed. The literature review section also draws from

existing management theory (systems theory, chaos theory, anticipatory management, scenario

planning, strategic foresight, environmental scanning) in order to identify possible approaches

for more fully understanding, identifying and managing emerging risk. Finally, the paper

concludes with a proposed innovative framework for managing emerging risk within an overall

enterprise risk management (ERM) program.

Because there is little research on the topic of emerging risk, one objective of this paper

is to help close an existing gap in the literature. By adding to the discourse on the topic of

emerging risk, it is hoped that this paper will contribute to both risk management theory and

practice, including ERM. In this regard, a further objective of this paper is to identify how risk

management practice might be enhanced through an understanding of emerging risk.

With regard to the anticipated contributions of this paper, it is noted that traditional risk

management approaches have often involved the development and use of predictive models that

3

seek to identify solutions. In contrast, this paper is premised upon the view that risk managers

and management practitioners alike must seek to think beyond “final” solutions and answers

which purportedly beget the need for further discussion. Instead, this paper instead hopes to

challenge risk managers and management practitioners alike to avoid the complacency which can

sometimes be associated with “final” answers, encouraging an approach which involves learning

as much as possible about risk management while being “prepared to learn it all over again as

circumstances change” (Fulmer, 1991, p. 9).

Finally, it is suggested here that „risk management‟ is often discussed entirely apart from

„management‟, as though the two are separate and distinct. This paper is premised upon the

notion that good management requires sound risk management, and the two concepts need to be

considered in tandem. This paper will utilize an interdisciplinary and holistic approach,

including a discussion of enterprise risk management, in order to tighten the connection between

these two practice areas.

Part 1- Emerging Risk: Introduction and Contextual Discussion

Before discussing the phenomenon of emerging risk, it is important to first understand the

environment within which emerging risk is generated. Emerging risk finds its nexus in the

conditions of the modern environment, which is global, dynamic, complex and interconnected

(Giddens, 1990). Globalization has radically altered the playing field of contemporary risk

management by making risk “borderless” and intractably altering the ways in which risk is

generated, escalated and conveyed across geographic, societal and organizational boundaries.

“Globalization of risk” (Tacke, 2001; Giddens, 1999) has resulted in risk which is complex,

incalculable (Beck, 2007), delocalized and borderless (Smith & Fischbacher, 2009).

4

These conditions of modernity give rise to three specific challenges, each of which is

relevant to the phenomenon of emerging risk. First, interconnectedness and complexity make it

increasingly difficult to ascertain and isolate causal factors which produce emerging risk. This

leads to „complexity challenges‟ when dealing with emerging risk, the byproduct of an

environment where “simple cause-and effect relationships are steadily replaced by multi-causal

and multi-conditional systems” (Coomber, 2006, p.89).

Second, matters are further complicated by the growing difficulty in ascertaining the

relationships among the causal factors, making emerging risk more opaque. This leads to

„relational complexity‟ when dealing with emerging risk. A recurring theme is the notion that

technological advances, combined with the rapid speed with which they are introduced to the

market, make it very difficult to evaluate risk.

A third difficulty, and related to these first two, is the potential for „cascading‟ effects.

This effect was illustrated by the August 2003 power outage which spread across the power grid

from Ohio to Maryland, New York and Toronto. The root cause of this mega-outage, the largest

in American history, was determined to be overstressed power lines in Ohio which failed after

coming into contact with overgrown trees (Holbrook, 2010, p. 10). In this particular instance a

seemingly simple and innocuous root cause, which should have led only to a minor local outage,

was amplified by the complexity of the power grid infrastructure and produced an extreme event.

Under the conditions of today‟s global environment, with its inherent complexity and

continual change, ambiguity and flux have become the new norms. Risk is often opaque,

clouded within a complicated web of causal factors and unnoticed until it escalates into a

catastrophe. It seems that each day we are faced with new risks accompanied by a corresponding

plethora of information about how we can protect ourselves. However, despite the abundance of

5

risk mitigation and risk prevention information, we continue to be impacted by disruptive

extreme events. This pattern makes it necessary to question whether traditional risk management

approaches, which have tended to be heavily quantitative and predictive, are sufficient for

handling post-modern risk including emerging risk. With this in mind, one of the objectives of

this paper is to propose an alternative, qualitative framework which is suited to the challenges of

identifying and managing emerging risk.

Defining Emerging Risk

For purposes of this paper, emerging risk is defined as a new (novel) manifestation of risk, of a

type which has never before been experienced. Novel manifestations of risk include entirely new

risk types that have not existed previously. For example, it is possible that nanotechnology may

represent an area of new (novel) risk. As such, it is worth noting here the double-sided nature of

science and technology (Beck; Giddens 1990) which not only offers solutions to the problems

and challenges of modern life, but may contain sources of new (emerging) risk.

In addition, novel manifestations of risk can also include “hybrids” which blend together

known risk types in new ways (combinations), producing outcomes that have not been

experienced previously. For example, it could be the case that zoonotic disease in the face of

climate change (warming) may be an emerging risk.

Although information needed to identify emerging risks may exist, it is can often be

missed, ignored or downplayed. It is this tendency to overlook, discount or ignore relevant

information (including warning signals) which results in “predictable surprises” (Bazerman &

Watkins, 2004) and partially explains why, following an extreme event, too we often find

ourselves wondering why we didn‟t see the event coming.

6

By virtue of its definition, once an emerging risk has evolved through its latency period

and has actualized, it ceases to be emerging. This concept, as well as the concept of a “hybrid”

emerging risk, can be illustrated by the September 11, 2001 terrorist attacks. Prior to that

disaster, large commercial aircraft had never been utilized as weapons of mass destruction

against civilian targets. However, the possibility for this type of attack might have been inferred

from the use of smaller planes as weapons during the attacks at Pearl Harbor. Furthermore, the

tragic events of September 11 were preceded by an unsuccessful attempt to bring down the twin

towers on February 26, 1993. Combining these elements, and with the benefit of hindsight, it

seems easy to say that the possibility for someone to utilize a commercial airliner to inflict

critical damage on a skyscraper should not have been “unthinkable” prior to September 11, 2001.

Nevertheless, it was widely considered highly improbable for one of the Trade Towers to fully

collapse (let alone both of them together) as the result of this type of attack. Regrettably, on

September 11, 2001 this emerging risk actualized and now remains etched in our collective

awareness.

It should be noted that unlike other types of risk, emerging risk does not have a history of

past “comparable” events. As such, emerging risk defies handling through application of

traditional risk management methodologies and tools which depend greatly on probabilistic

modeling and quantification.

Part 2- Literature Review

This literature review has been divided into four sections. The first section presents

perspectives on disaster causation and is followed by a second section containing perspectives on

the predictability/preventability of disasters1. These topics are presented as a means for

1 It should be noted here that disasters of purely natural origins have been excluded from this paper, since emerging

risk is conceptualized as arising in whole or in part from man-made systems.

7

understanding the individual, social and systemic factors which give rise to emerging risk and

allow it to incubate. The third section of the literature review provides an overview of topics

related to cognitive impediments. These materials are intended to be useful in developing an

understanding of how and why, at both the individual and organizational level, emerging risks

may go unidentified, downplayed and unmanaged. The fourth section of this literature review

provides an overview of topics from the management literature (including systems thinking and

scenario planning) which are offered as specific approaches for understanding and managing

emerging risk.

Section 1- Causation Perspectives on Disasters

The literature on disaster causation is very rich, covering a broad range of materials.

Within this body of literature, there is considerable discourse on the topic of whether individual

or organizational decision making deficiencies (or a combination of both) contribute to the

production of disasters. For example, Bazerman and Watkins argue that disasters are “predictable

surprises” (2004, p. 74), the byproduct of the following cognitive biases: positive illusions,

which give rise to an overly positive view of self, the world and the future; egocentric

interpretation of events, a condition in which individual perception is determined by the role one

plays; human tendency to overly discount the likelihood and impact of future events; human

preference for maintaining status quo, rather than having to deal with the challenges of

implementing sometimes unpalatable preventive measures; and human reluctance to invest in

preventative measures for problems which do not appear to be vivid and palpable, both

personally and immediately relevant. Combined, these cognitive biases can explain why

emerging risks may go unnoticed and unaddressed, sometimes escalating into disasters.

8

Choo (2005) argues that organizational disasters are the cumulative end product of

“information failures” (p. 10) at both the individual and organizational level. From this point of

view, information failures represent defects in the process of gathering and processing

information. Applying this to the phenomenon of emerging risk, information failures represent

missed opportunities to identify information that might allow for the preemption of emerging

risk during its incubation phase.

Much of the scholarly literature that analyzes disasters utilizes a situational approach,

focusing exclusively on the causative the role of mechanics and human error. A contrasting view

(Choo, p. 8) suggests that disasters incubate within a systemic context and therefore it is

insufficient to focus exclusively on human error. From this viewpoint it appears intuitive that

systems thinking can provide insights regarding emerging risk. A systems thinking approach

also allows for the acknowledgement of both human error and organizational information

impairments as causal factors in disasters,

Turner suggests (1994, p. 215) the majority of disasters are “social, administrative and

managerial” in nature, largely attributable to faulty management systems that foster an

incubation period which precedes organizational disasters. He adds that this incubation period is

replete with “misperceptions, misunderstandings and miscommunications [that] accumulate

unnoticed” (p. 216), symptomatic of underlying informational and belief defects that work like

“pathogens”. These pathogens permeate and infect the entire organizational system until

something forces them out in the open, where they can be addressed and removed. For purposes

of this paper, it is relevant to inquire about the types of management approaches and structures

which might be effective in illuminating emerging risk so that it can be openly addressed and

mitigated.

9

The „meta‟ perspective is yet another viewpoint in the literature on disaster causation and

suggests that disasters are the byproduct of an interaction among multiple influences at the

individual, group and systemic level. Roberto (2002) espouses this perspective, with his

conceptualization of disasters as the byproduct of interaction among cognitive, inter-personal

(group) and systemic forces that are inseparably intertwined. In synthesizing his perspective of

disasters, Roberto draws upon three frameworks: “behavioral decision theory, the team

effectiveness literature and complex systems theory” (p. 138). This meta-perspective approach

appears to be of particular utility for organizations and executives who are tasked with making

complex and high-stake decisions about risk management. And, Robert‟s use of complex

systems theory suggests that this subject area can be of value when seeking to understand the

phenomenon of emerging risk.

Weick‟s concept of “sensemaking” (1995) offers yet another (holistic) perspective which

can be usefully applied to the topics of organizational disasters and emerging risk. As described

by Weick, sensemaking consists of environmental and cognitive mapping, carried out in active

and reactive ways at both the individual and organizational levels, and involving a process of

putting stimuli into an interpretive framework. Within this interpretive framework, it is not

possible to separate individual decision making (sensemaking) from its corollary processes, as

they are concurrently carried out at the organizational level. Of particular relevance to the

subject of emerging risk, Weick suggests that organizational and individual

boundaries/frameworks set the context for decision making and problem resolution and adds (p.

1) that “sensemaking is tested to the extreme when people encounter an event whose occurrence

is so implausible that they hesitate to report it for fear they will not be believed.” Weick also

adds (p. 1) that in such instances, thinking often turns to “it can‟t be, therefore, it just isn‟t”.

10

Combined, these observations suggest particular challenges for the identification and

acknowledgement emerging risk, for which there is no historical data and few (if any) historical

comparables.

Section 2- Predictability and Preventability Perspectives on Disasters

The scholarly literature on disaster predication and preventability encompasses a range of

divergent perspectives. One viewpoint is that disasters are neither predictable nor preventable.

A second perspective is that disasters are both predictable and preventable. A third perspective

is a hybrid of these two, suggesting that some (but not all) disasters are predictable and that while

they may not all be preventable, their impact can be mitigated. This subject matter is of

particular relevance to the understanding and handling of emerging risk, which is characterized

by a lack of historical data, and therefore not amenable to traditional predictive modeling tools.

The question that arises is what types of alternative approaches might make it possible to

envision a range of alternative future outcomes, including types of emerging risk.

Within the literature which positions organizational disasters as predictable and

preventable, there exist numerous suggested approaches for avoiding disasters. For example,

Choo (2008) argues that an understanding of organizational information impairments, including

“epistemic blind spots, risk denial and structural impediment[s]” (p. 32) is the key to disaster

prevention. For purposes of this paper, these information impairments need to be identified,

understood and overcome in order to identify and respond to emerging risks.

Bazerman and Watkins take the position that disaster prevention can be achieved through

“information vigilance”, which can be fostered through consistent implementation of four critical

“information processing approaches” (2004, p. 97). These information processing approaches

are: environmental scanning, to identify and assess significant threats; integration of information

11

from various sources in the organization, to synthesize actionable insights; timely response to

problems and warning signals, with active monitoring of the results and implementation of a

“lessons learned” approach to failures, in order to create institutional memory. Each of these

approaches can be of great value when seeking to identify and respond to emerging risks.

Clarke and Perrow describe organizational disasters as “unique” events (1996, p. 1053),

making them difficult (but not impossible) to predict and prevent. They add that organizational

disasters tend to be viewed a priori as very low probability, „never‟ events, noting that this

distorted perception may combine with an inflated assessment of organizational capabilities to

“normalize danger by allowing organizations … to claim that … problems are under control” (p.

1055). This perspective provides insight regarding how and why disasters and emerging risks

may by underestimated.

Adding to the discussion of „never‟ events, Taleb (2007) presents the notion of the

“Black Swan” as a particular type of disaster, the essential qualities of which are extreme impact,

rarity and a low degree of predictability. To the extent that Black Swans fall within the realm of

the unpredictable, attempts to predict these events are a waste of time. In describing Black

Swans, Taleb adds that their seminal characteristic is that we behave as though they do not exist.

As such, we continue “operating under the false belief that [predictive] tools” (Taleb, p. xviii) are

capable of accurately predicting uncertainty. Following from these propositions, that which is

unknown is much more relevant that that which is known. Applying these concepts to emerging

risk, it can be argued that effective management should focus less on predictive efforts and more

on alternative approaches which might allow emerging risk to be envisioned and anticipated.

12

Part 3- Cognitive Impediments

The scholarly literature on cognitive impediments is rich and includes treatment of a

range of topics which have implications for risk management decision making and the

identification of emerging risk. The body of literature can be more readily understood by

dividing it into three groups of thought: works which examine decision making at the individual

(micro) level, works which examines decision making at the organizational (macro) level and

works which incorporate both of these approaches, taking the position that decision making at

the individual and group (social) level are inextricably intertwined.

An understanding of cognitive impediments is an essential building block on the journey

to an understanding of emerging risk. Specifically, it is important to understand the impact of

cognitive biases, which act to cloud the lens through which information is perceived and filtered.

It is of particular note that cognitive biases may produce a distorting effect, one which helps to

explain why early warning signals are inexplicably discounted and/or missed (Bazerman &

Watkins, 2004; Gerstein & Ellsberg, 2008) during the incubation period that precedes disasters.

Of note, the historical literature has generally approached decision making as a largely linear

process. However, it is suggested here that this paradigm no longer fits today‟s environment,

where complexity and continual change are the norm, rather than the exception.

Cognitive Impediments: Individual

Historically, much of the literature has been predicated on the assumption that individual

decision making is overwhelmingly sound and that man-made disasters are the errant byproduct

of deviations from normal rational processes. In contrast, Ariely (2008) suggests that our

individual decision making processes are at times heavily influenced by hidden forces of

irrationality, making us “predictably irrational”. In particular, Ariely suggests that there are

13

several biases which routinely influence our decision making, and of which we are woefully

unaware. The end product of Ariely‟s research is a set of decision making biases which include:

relativity bias (the tendency to avoid comparing things which do not easily lend themselves to

comparison); ownership bias (our tendency to favor that which we already have, eschewing the

unknown for what is already familiar); loss aversion bias (the tendency to focus on what might

be lost, rather than what might be gained) and expectation bias (the tendency of our a priori

expectations to taint our views of subsequent events).

As suggested by Roberto (2002), other cognitive biases include overconfidence bias,

which is the tendency to be overconfident in one‟s own judgment and recency effect, which is

the tendency to place greater emphasis on information that is more recent, and more readily

available. Roberto‟s research involved an analysis of the tragic events which unfolded on May

10, 1996 as a group of twenty-three experienced hikers sought to descend the slopes of Mt.

Everest following a successful ascent. A storm enveloped the mountain during the descent

attempt, contributing to the death of five hikers and creating nearly fatal conditions for those who

did survive. The research utilized three conceptual frameworks (team effectiveness theory,

behavioral decision theory and complex systems theory) to identify and analyze the factors

which contributed to the tragedy and synthesize a set of lessons learned.

From a behavioral decision theory perspective, Roberto concludes that the climbers‟

judgment was likely impaired by several cognitive biases, including overconfidence bias,

commitment escalation and recency bias. In this instance, commitment escalation was put into

play through the prior tangible and intangible investments (money, physical strain) associated

with the ascent. The research findings were that commitment escalation led the climbers to

ignore their own prior rules and place themselves in grave danger. The research also found that

14

the hikers‟ prior successes led them to be overconfident in their judgment, leading them to

downplay the severity of the impending weather conditions. It was also concluded that recency

bias hindered the judgment of the expedition leaders who had experienced good weather on

Everest during the prior recent years. This caused the leaders to underestimate the severity of the

storm despite historical data that showed the conditions on May 10, 1996 were anything but

abnormal. As a result, the teams did not make adequate preparations for the severe conditions

they encountered. Viewed within the context of risk decision making, and with an eye toward

the task of understanding emerging risk in particular, this research identifies several impediments

which may hamper the ability to anticipate, fully envision, and respond proactively or reactively

to risk.

Taleb (2007) adds to the literature on cognitive impediments by noting that the human

mind is susceptible to three deficiencies. First, we are prone to suffer from an “illusion of

understanding” (p. 8), which is characterized by an unjustifiable belief that we “understand what

is going on is a world that is more complicated (or random) than [we] realize” (p. 8). This

“illusion of understanding” is the byproduct of a second deficiency, which is our tendency to

overvalue factual information and actively seek corroborating evidence, while discounting

information that does not fit into our conceptual framework. Third, we are susceptible to

“retrospective distortion”, which is the ability to assess events with clarity only after the fact.

The combination of these three deficiencies suggests particular challenges and barriers to

overcome when seeking to identify emerging risk.

Cognitive Impediments: Group, Organizational

This body of literature contains several theories regarding the ways in which optimal

decision making may be hindered at both the group and organizational level. The theory of

15

commitment escalation (Staw, 1981; Simonson & Staw, 1992) describes how an individual‟s

capacity to withdraw from a losing course of action may be restricted by organizational pressures

to attain a particular objective. In so far as additional resources are dedicated to a failing

endeavor, the ability to acknowledge and react to emerging risk may be impeded by a reluctance

to withdraw from goals and objectives which no longer appear justifiable.

Staw‟s research (1981) on commitment escalation involved a systematic review of the

social psychology literature, with focus on the subject of behavior justification. According to

Staw, this literature generally predicts that individuals, when forced to complete unpleasant or

dissatisfying tasks in the absence of a reward, will generally positively bias their attitude toward

the task so as to justify their prior behavior. In addition to a review of the literature, Staw also

conducted a series of three experiments which utilized a self-justification framework to

investigate whether decision makers can become over committed to a course of action. The

underlying hypothesis of the studies was that individuals might go beyond mere passive

distortion of adverse consequences to active commitment of new and additional resources in an

effort to turn around a failing course of action. As reported by Staw, the results of the

experiments were confirmatory and showed that when faced with a failure, subjects invested

more resources in that failing course of action in an effort to recouping the losses/failures. In

addition, some subjects reportedly also selectively filtered information so as to maintain their

level of commitment.

Staw‟s subsequent research (1992), conducted with Simonson, was aimed at comparing

the efficacy of several de-escalation strategies. This research study was motivated in part by

prior research findings (Staw, 1976; Tegar, 1980; Brockner & Rubin, 1985; Fox & Staw, 1979)

which suggested that de-escalation techniques should be based upon reduction of the need for

16

self-justification and external justification. Staw and Simonson‟s research study involved

controlled laboratory experiments with business students as subjects. The 193 participants, who

were enrolled in marketing management classes at two California universities, were asked to

work on a business case of a company which sold beer in the United States and Europe.

Although the company was real, the name was disguised. Students were asked to put themselves

in the place of the marketing vice president and submit two recommendations to the company

president indicating which of two beer products should receive extra funding. Following

submission of their recommendation, each student-participant was given negative feed-back in

the form of disappointing results, and asked to make another funding allocation decision. These

research findings were confirmatory of the prior research and demonstrated that individuals who

were responsible for an initial allocation decision invested more subsequently than those who

had not made a prior investment commitment.

In their research on the subject of organizational failure, Clark and Perrow (1996) suggest

that over time, organizations tend to increasingly believe their own representations of reality,

even in the face of information which suggests these representations are incorrect. Using an

illustrative case study of the Shoreham Nuclear Power Station in Long Island, New York, Clark

and Perrow focus in particular on the role of “fantasy documents” (p. 1040) which set forth the

organization‟s plans for responding to highly improbably events such as the chemical accidents

at Bhopal, India, the Exxon Valdez accident and the Three Mile Island nuclear accident. Clark

and Perrow‟s research carefully examines the evacuations plans for the Shoreham facility,

including a series of related evacuation exercises (drills), which were conducted during 1986.

The chronology of events, along with analysis of documentation related to the evacuations

exercises, is used by Clark and Perrow to illustrate the dynamics of organizational failures and

17

the characteristics of fantasy plans. The researchers note that accident/disaster “fantasy plans”

tend to be premised upon unrealistic views of organizational capabilities and also upon the

premise that, “everything will work right the first time, that every contingency is known and

prepared for” (p. 1041). As such, Clark and Perrow‟s research demonstrates how organizational

representations of reality may serve as cognitive impediments which impede optimal decision

making.

Subsequent research by Bonabeau (2007) further highlights the role played by unrealistic

views of organizational capabilities. Specifically, Bonabeau notes that organizations may be

inherently less adept at identifying their own (internal) vulnerabilities. This weakness suggests a

potential gap in the ability of organizations to effectively conduct thorough risk analysis, which

necessarily must include assessment of endogenous risk.

“Groupthink” theory (Janis, 1972, 1982) offers another perspective on sub-optimal

decision making at the group level. As described by Janis (1972), groupthink occurs when

conformity pressures of the group lead to faulty decisions, made in an effort to preserve group

harmony. This premature concurrence seeking, where normative pressure impedes effective

assessment of alternative courses of action (Robins, 1998), leads to deterioration in “mental

efficiency and reality resting” (Janis, 1972, p. 9). Groupthink produces defective decision

making which is characterized by the following attributes: poor information searching; selective

bias in information processing; incomplete surveying of objectives and alternatives; failure to re-

examine choices and rejected alternatives; and failure to develop contingency plans (Janis &

Manning, 1977, p. 132). In so far as groupthink constitutes “a disease of insufficient search for

information, alternatives and modes of failure” (McCauley, 1998, p. 144) the consequences of

18

groupthink may be particularly negative for groups which are carrying out risk management

activities aimed at identifying sources of risk and potential mitigation approaches.

The case study research done by Janis (1972) examined groups consisting of government

and public officials charged with making critical policy decisions (e.g.- the Bay of Pigs decision)

at the national level. Janis‟ research was carried out through interviews of the group participants,

as well as through review and evaluation of written records of the group meetings. The research

findings included (1972, p. 10) the determination that groupthink is “most likely to occur” in the

presence of three antecedent conditions (independent variables). The three conditions are: group

cohesiveness, insulation of the group from outside information sources and limiting influence of

a group leader who advocates his own, preferred decision. In so far as these conditions foster

groupthink dynamics, it is possible to suggest alternatives which could serve to reduce the

likelihood of groupthink and as such may be beneficial in situations outside the political

decision-making realm which Janis studied. Such alternatives include: use of group-building

approaches which emphasize diversity and minimize propensity for cohesiveness; inclusion of

outside sources of information, including a discordant voice which can challenge group cohesion

and introduce non-conforming perspectives; selection of group leaders who do not have an

agenda to promote and are adept at fostering the identification and candid evaluation of

competing alternatives.

Subsequent experimental research by Flowers (1977) validated Janis‟ hypothesis that

when faced with a crisis problem, open group leaders produce a larger number of potential

solutions. Flowers‟ research sought to test, in a laboratory setting, the effects of leadership style

on decision making in crisis situations. The experimental design involved use of a laboratory

simulation involving groups of college students who were given a crisis problem to solve. While

19

half of the groups were assigned to directive (closed) leaders, the other half were assigned to

non-directive (open) leaders. ANOVA analysis of the study data showed that open leaders

produced significantly more (p<.05) solution options than did closed-style leaders.

Part 4- Management Literature

Complexity Theory

Complexity theory utilizes an integrative approach which draws from several bodies of

literature (including chaos theory, systems theory and cognitive psychology) in order to offer a

means for explaining systems and phenomena that defy explanation through more traditional

mechanistic and linear theories. It is possible to view many systems, including risk generating

systems, from a complexity perspective.

A complex system is one which contains a large number of constituent parts, is

networked and has the capacity to follow more than one pathway. Thus, it has more than one

potential future endpoint (Allen (2000); Yilmaz & Gunel (2009)). It is possible to conceptualize

a complex system in terms of the types of complexity it embodies. As described in the literature,

there are two primary types of complexity: relational complexity and cognitive complexity.

Richardson, Cilliers and Lissack (2001) posit that relational complexity is generated as the

outcome of conditions where there are a large number of operational factors. Child and

Rodrigues (2008) suggest hat cognitive complexity is produced by an increase in the quantity of

information within the system. They further add that under conditions of cognitive complexity,

it becomes more difficult to identify and process relevant information.

Complexity itself can be further understood through examination of its constituent

elements and consequences. A large number of operative factors produce “relational

complexity”, which makes it more difficult to ascertain cause and effect relationships

20

(Richardson, Cilliers & Lissack, 2001). Where the quantity of information increases, “cognitive

complexity” is the byproduct. Under these conditions, it becomes more difficult to identify and

process relevant information (Child & Rodrigues, 2008).

Despite a solid body of literature on the subjects of systems thinking and complexity,

there is comparatively little work which applies a systems thinking and complexity approach to

the subject of risk management. White (1995) and Bonabeau (2007) are among the few authors

who adopt this focus, and as such, there remains a gap in the scholarly literature.

With regard to complexity and risk, it has been noted that increased complexity brings

with it a greater range of things which can go wrong. This in turn increases the potential for

random failure (Bonabeau). In addition, within highly complex and large systems, small events

can amplify into catastrophic ones. Complexity thereby magnifies risk through a combination of

wider sources and greater severity, including the potential for „cascade effects‟.

In addition, complexity has been characterized by some as a source of inevitable risk.

This perspective is typified by Perrow‟s normal accident theory (1999) which proposes that

major accidents become inevitable (“normal”) as system complexity and interconnectedness

increase.

Systems Thinking

Most traditional risk analysis tools, for example root cause analysis and pareto diagrams,

rely upon a reductionist approach and are premised upon the notion that understanding of an end

event (“outcome”) can be derived by “working backwards” and breaking the event down into its

constituent parts. A critical limitation of this approach is that it does not capture the essence of

emerging risk is dynamic, the byproduct of evolving, complex and systemic factors which are

influenced by human behavior. When examining dynamic risk, it is necessary to understand that

21

the outcome („event‟) may be greater than the sum of its constituent elements. This concept is

captured eloquently by Grobstein (2007, p. 302) who notes that, “simple things interacting in

simple ways can yield surprisingly complex outcomes”. Thus, in order to understand dynamic

risk, it becomes necessary to work “both downward and upward” (Grobstein) in order to capture

not only the constituent elements of risk, but also the complexity generated by their dynamic

interactions.

By removing artificial barriers between constituent parts of a system (Fulmer, 1992),

systems thinking is a valuable tool in overcoming the limitations of certain traditional risk

analysis tools. This concept is especially important in exploring emerging risk, where answers

and solutions can be uncovered only through an understanding of dynamic interactions and by

seeing both the operative elements and their interactions in uncustomary ways. Applied in this

manner, systems thinking represents a specific cognitive competency (Boyatzis, 2006) relevant

to the identification and handling of emerging risk in an environment characterized by high

relational complexity. And, with its emphasis on inter-connections, patterns and relationships

(Senge, 1994; Sornette, 2009), systems thinking provides a framework for achieving enhanced

understanding of the dynamic and interconnected nature of the complex breakdowns which are

increasingly dotting the landscape of modern risk management. Of particular note, a systems

thinking approach shifts focus away from the “constant attributes” (Katz & Kahn, 1978) of

objects, and instead emphasizes connections and interdependence. This provides a means for

understanding the dynamic and evolving nature of complex events, including emerging risk.

Scenario Planning

According to Chermack (2004, p. 302), scenario planning can be conceptualized as a

process which develops “several informed, plausible and imagined alternative future

22

environments in which decisions about the future may be played out, for the purpose of changing

current thinking, improving decision making, enhancing human and organization learning and

improving performance”. While definitions of scenario planning vary across the literature, a

recurring theme is the utility of scenario planning as a tool for optimizing organizational decision

making.

The scenario planning process is concerned with the identification of causality (Wright &

Goodwin, 2009) and strives to capture “the range of uncertainty thought to be present” (O‟Brien,

2004, p. 709). As such, scenario planning offers a viable means for examining emerging risk,

which emerges from a web of interconnections and is characterized by a high degree of

uncertainty.

Scenarios

Although the literature contains a large number of definitions and descriptions for the

term „scenario‟, there are two descriptions which are particularly useful for this discussion since

they suggest ways in which scenarios might aid the process of identifying emerging risk. One

description is that of scenarios as “purposeful stories about how the contextual environment

could unfold in time” (Burt, Wright, Bradfield, Cairns and van der Heijden, 2006, p. 60).

Building upon this understanding, Schwartz (1991, p. 4) adds that scenarios provide “plausible

alternative stories about the future … which [may be] used as building blocks for designing

strategic conversations.” In this way, scenarios function as “a tool[s] for ordering one‟s

perceptions about alternative future environments in which one‟s decisions might be played out”

(Schwartz, p.4). Of particular note, scenarios are not merely forecasts, predictions or

extrapolations (Postma & Liebl (2005); Wright & Goodwin), which would make them more akin

to traditional risk management tools such as predictive modeling. Rather, scenarios seek to

23

“uncover… the causal nature of the unfolding future” (Wright & Goodwin, p. 817) and as such

can provide insight with regard to emerging risk, which is dynamic and uncertain in nature.

Utility and Benefits of Scenario Planning

One potential benefit (Chermack, 2004) in utilizing scenario planning is the potential for

reducing bounded rationality. This beneficial outcome is achieved when scenarios encapsulate a

great amount of information into the package of a story that is both “conversational and

narrative”, making key points and qualities easy to remember (Chermack, p. 303). This is

significant, since research suggests the information which is memorable is more likely to be

recalled and therefore more likely to be acted upon (Schwartz, 1991; Swap, Leonard, Shields &

Abrams (2001); van der Heijden (1997)). It is suggested here that this particular quality of

scenarios can enhance the process of identifying emerging risk by mitigating the effects of

certain cognitive impediments, including recency effect.

Another benefit of scenario planning is its utility in overcoming “strategic inertia”

(Wright, van der Heijden, Burt, Bradfield & Cairns, 2008, p. 221). This outcome is achieved

through the process of exploring a range of alternative, potential future outcomes, which includes

expressions of “dissenting opinions” (Wright, et al., p. 221) that do not conform to organizational

norms. In this way, scenario planning can function as a “„jolt‟ to the organization” (Wright, et

al., p. 227), allowing the organization to rethink its business plans and assumptions. Non-

conforming perspectives can be of particular benefit in overcoming cognitive impediments

which can hinder the identification and management of emerging risk.

An additional benefit to be derived from scenario planning lies in its use of “intuitive

logics” (Wright & Goodwin, 2009, p. 816) as an alternative means for addressing situations of

low predictability where tools of estimation are ineffective. By obviating the need to make

24

predictions, scenario planning can be of particular utility as a means for handling “unique,

unprecedented and rare events” (p. 816), including emerging risk.

Potential Limitations of Scenario Planning

If scenario planning is to be utilized as a tool for managing emerging risk, it is important

to understand not only the benefits of scenario planning, but also the potential limitations of this

approach. One limitation is that when groups or individuals imagine a sequence of events, the

imagined sequence of events may be perceived by that group as more likely to occur (Wright &

Goodwin, 2009). In addition, where events are linked in a causal chain, the point of intersection

may be viewed as more likely (Wright & Goodwin). Consequently, the very process of scenario

construction might produce inappropriately heightened confidence in one‟s ability to anticipate

the future (Wright & Goodwin; Kuhn & Sniezek, 1996). One means for effectively challenging

the limitations of bounded thinking is by asking scenario planning participants to assume that the

worst case event has already taken place and then to consider what caused the event (Wright &

Goodwin). This approach is supported by the research of Mitchell, Russo and Pennington (1989)

which argues that backward-looking approaches will yield more causes for the worst case event.

Another possible limitation of scenario planning stems from its concern with causality.

That is, in so far as scenario planning has its roots in the existing mental models of the

participants (Wright & Goodwin (2009); O‟Brien (2004)) and focuses on causality, scenario

outcomes may be incapable of capturing possible future end points (outcomes) that are not linked

to events in the present (Wright & Goodwin (2009)). One approach to overcoming these

limitations may be through the inclusion of people who hold non-conforming, dissenting views

on key uncertainties (Wright & Goodwin).

25

Chaos Theory

In it broadest sense, chaos theory may be understood as the study of nonlinear dynamic

systems (Levy, 1994). Its origins are frequently traced to Lorenz‟s work in the area of turbulent

flow dynamics in fluids, with subsequent applications in an array of other disciplines including

mathematics, physics, psychology (Guo, Vogel, Zhou, Zhang & Chen, et al., 2009) and business

strategy (Levy). It has been suggested (Levy; Katz & Kahn) that chaos theory may be best

viewed as an extension of systems theory rather than as a novel paradigm.

Chaos theory has been a productive means for exploring systems that are complex,

unpredictable and irregular as well as for the exploration of chaotic systems which are

characterized (Guo, et al.) as nonlinear, dynamic and deterministic. Applied for these purposes

to the problem of emerging risk, chaos theory can help to fill the gap in understanding that is left

by traditional linear approaches, with their emphasis on stability and predictability. Particularly

meaningful application of chaos theory can be found in the realm of social science, where

outcomes often are the product of multiple, highly complex underlying interactions (Levy). This

suggests further utility of chaos theory as a means for understanding emerging risk, especially in

nonlinear systems where small inputs may product large effects and large inputs may produce

minimal effects.

Strategic Foresight, Anticipatory Management and Futurist Thinking

Anticipatory management is premised upon the notion that change management has

become an essential business competency in today‟s environment where failure to anticipate

change can be fatal (Ashley & Morrison, 1997). Viewed collectively, the body of literature on

strategic foresight and anticipatory management suggests approaches for intelligence gathering,

designed to enable organizations to not only survive the pressures of change, but to derive

26

competitive advantage. Each of these approaches constitutes a tool which can assist in closing

the gap between „what is known‟ and what „needs to be known‟ in order reduce the uncertainty

surrounding the achievement of business objectives. Applied to the identification of emerging

risk, each of these tools helps to close the gap between anticipated risks and the full spectrum of

possible risks.

A theme within the body of literature on anticipatory management is the notion that

environmental scanning should be utilized to identify “signals of change” (Ashely & Morrison)

emanating from a spectrum of potential sources in the macro environment. These sources may

include social, technological and environmental developments which emit “weak signals”

(Ansoff, 1975; Rohrbeck & Gemünden, 2008) that can serve as leading indicators of developing

change in the macro environment. Of particular value are “signals from the periphery” (Haeckel,

2004, p. 182), which rest outside our customary focus, or field of vision. By learning to

successfully scan at the periphery (Day & Schoemaker, 2006), organizations can become adept

at identifying potential sources of emerging risk.

It is suggested here that scenario planning, which customarily begins by taking a broad

spectrum view in order to recognize “trends and uncertainties that have the ability to transform

the environment” (Day & Schoemaker, 2004, p. 135), can be used as an approach for enhancing

the process of environmental scanning. This „tandem‟ approach of scenario planning in

conjunction with environmental scanning can help organizations broaden their perspective with

regard to emerging risk while keeping them from being overwhelmed by an array of irrelevant

signals. These approaches can be combined with strategic foresight which seeks to identify

“new and emerging issues for which often no past data is available and therefore forecasting

would not be possible” (Rohrbeck & Gemünden, p. 11). Since emerging risk is characterized by

27

a lack of past data, and defies predictive modeling and forecasting, it appears intuitive that

strategic foresight approaches can be of utility in addressing the challenges of emerging risk.

Part 4- Proposed Framework for Managing Emerging Risk

As discussed above, emerging risk presents a special set of challenges for organizations

as they strive to effectively understand and manage their overall risk portfolio. From a

practitioner standpoint, one particular challenge is the question of how to deploy the set of tools

and approaches that are needed to manage emerging risk. One possible solution, which will be

discussed in the remainder of this paper, involves embedding the management of emerging risk

into a holistic enterprise risk management (ERM) framework. This innovative approach offers

one means for operationalizing the concepts suggested in this paper as relevant to the

management of emerging risk. An illustration of the proposed innovative ERM framework is

contained in Figure 1.

Pillar 1: Risk Management Process

As depicted in Figure 1, the proposed holistic, innovative ERM framework consists of

three pillars, each of which represents a dimension of ERM. At the center of the ERM

framework, and labeled as „Pillar 1‟, is the „risk management process‟ which is an adaptation of

the ISO 31000 (2009) risk management process. The purpose of the risk management process is

to provide a consistent and repeatable series of steps which can be carried out by organizations

for the purpose of identifying and identifying risks, as well as for determining appropriate risk

treatments and monitoring/reporting on the outcomes of those risk treatment choices. The second

step of the risk management process is “risk assessment” and has traditionally involved

identification of possible risks, along with their probability and severity. It is this step in the risk

28

management process, and particularly the identification of potential risks, which ties directly to

the management of emerging risk.

Pillar 2: Organizational Processes

Four distinct „organizational processes‟ are depicted at the left side of Figure 1, and

consist of scenario planning, anticipatory management, strategic foresight and environmental

scanning. As described in this paper, each of these processes can be implemented as a means for

identifying and emerging risks. When these processes are incorporated into an ERM framework,

they move from being stand-alone activities within the organization, to become ERM processes

with special utility for addressing the challenges of emerging risk. Moreover, through this

linkage of organizational process and ERM infrastructure, there is a means for synergistically

integrating ERM with activities that deliver value for the organization. One of these value-adding

activities, then, becomes the enhanced capacity to identify the full range of risks (including

emerging risks) faced by the organization.

Within the proposed ERM framework, scenario planning is conceptualized as a process

which aims at developing alternative, informed notions of the future environment (Chermack,

2004; Schwartz, 1991) including an understanding of how emerging risks might evolve over

time. Each scenario that is developed serves as a tool which can enhance organizational learning

and improve decision making by challenging status quo thinking (Chermack, 2004), including

conceptual limitations which might lead to the exclusion of emerging risks. As positioned within

the „organizational process‟ portion of the ERM framework, scenario planning provides a tool

for organizations to better conceptualize both up-side and down-side risk as it relates to the

uncertainty surrounding strategic plans. This linkage of scenario planning to ERM creates a

structure for organizations to reduce down-side risk and capture-up side risk by developing

29

alternative strategic plans. This in turn creates resilience by positioning the organization to

change direction in the face of environmental uncertainty, including the uncertainty of emerging

risks which might actualize over time.

Anticipatory management and strategic foresight, as conceptualized within the proposed

ERM framework, are closely related to scenario planning in so far as they serve as approaches

for closing the gap between what is currently known and what needs to be known in order for an

organization to attain long term success. This includes closing the knowledge gap related to

emerging risks which could evolve into disasters capable of threatening the attainment of

organizational objectives.

As conceptualized here, environmental scanning is a process for detecting early signals of

change which serve to forebode risk sources for the future, including sources of emerging risk.

Combined and positioned in this manner, the tools of scenario planning anticipatory

management, strategic foresight, environmental scanning provide a means for operationalizing

ERM, keeping ERM frameworks both meaningful and current in today‟s dynamic and rapidly

evolving business environment.

Pillar 3: Organizational Architecture

Organizational architecture is depicted at the right side of Figure 1, and is comprised of

corporate social responsibility (CSR), corporate sustainability (CS), corporate strategy and

corporate governance. As conceptualized in the proposed framework, CSR and CS are aimed at

ensuring that current organizational objectives are not achieved by compromising the

organization‟s long term success, or at the expense of society overall. Embedding CSR and CS

into the proposed ERM framework provides a specific and measurable means for exploring and

weighing the risks (including sustainability risks) associated with the organization‟s strategy. In

30

addition, this approach provides a means for considering emerging risk as part of the

organization‟s overall approach to CSR and CS.

Within the proposed ERM framework, corporate strategy is conceptualized as the

outcome of the strategic planning process, involving deliberate articulation of the organization‟s

mission, taking into consideration external threats and opportunities, and determining appropriate

actions to be taken in furtherance of the organization‟s chosen mission. Where ERM is linked

with corporate strategy and strategic planning, enterprise risk can be understood (Dickinson,

2001. p. 361) as „the extent to which the outcomes from the corporate strategy of a company may

differ from those specified in its corporate objectives, or the extent to which [the organization]

fails to meet these objectives (using a „downside risk‟ measure)‟. And, with scenario planning

approach included as part of the ERM process framework, it becomes possible to examine

emerging risks that could evolve in ways that might threaten the achievement of corporate

strategic objectives.

Finally, corporate governance is presented in the ERM framework as a component of

organizational architecture. As conceptualized here, corporate governance represents the set of

practices and responsibilities exercised by an organization‟s board of directors and executive

leadership in order to provide strategic direction and in furtherance of attaining strategic

objectives. When ERM is linked to corporate governance, as in the proposed ERM framework,

there is a seamless infrastructure for articulating enterprise level risks (including emerging risks)

and ensuring that organizational resources are deployed so as to minimize down side risk while

furthering the attainment of strategic objectives. The linkage of ERM and corporate governance

also provides the structure which is required to ensure that ERM is appropriately situated as a

function that is driven by the organization‟s board and executive leadership. Collectively, CSR,

31

CS, corporate governance and corporate strategic plans provide means for assessing the success

of ERM which is measured in terms of the organization‟s attainment of objectives in each of

these areas.

Conclusion and Suggestions for Further Research

In this paper, an innovative approach has been used to address the challenges of emerging

risk by operationalizing a set of tools and approaches that are positioned within an ERM

framework. The proposed framework incorporates three pillars of ERM, which are the risk

management process, selected organizational processes (scenario planning, anticipatory

management, strategic foresight and environmental scanning) and selected organizational

architecture (CS, CSR, corporate governance and corporate strategy).

Possible future research might include case studies to evaluate the utility of the proposed

framework for those organizations choosing to implement ERM. In this regard, it is noted here

that although ERM frameworks may be meaningful from a theory perspective, they are of little

practical value if they can not be deployed within organizations. Further research might also

include discussion of how emerging risk can be addressed within organizations that do not

implement ERM. This is an important area for further research, since many organizations either

choose not to implement ERM or do so in a limited way.

This said, it should be remembered that risk management and ERM are as much art as

they are science. As such, new limitations and constraints are likely to be identified in future, as

the state of practice and theory continue to evolve. With that in mind, the framework contained

in this paper is not intended to be the „right‟ answer, but instead a means for evolving toward

„less wrong‟ approaches.

32

REFERENCES

Allen, P. (2000). Harnessing complexity. Retrieved February 12, 2010, from

http://www.complexity-society.com/papers/harnessing_complexity.pdf

Ansoff, H.I. (1975). Managing strategic surprises by response to weak signals. Strategic

Management Journal, 18(2), 21-33.

Ariely, D. (2008). Predictably irrational: The hidden forces that shape our decisions. New

York: Harper Collins.

Ashley, W. C., & Morrison, J. L. (1997). Anticipatory management: Tools for better decision

making. The Futurist, 31(5), 47-50.

Bazerman, M.H., & Watkins, M.D. (2004). Predictable surprises: The disasters you should have

seen coming and how to prevent them. Boston: Harvard Business School Press.

Beck, U. (2007). World at risk. Polity Press: Cambridge.

Bonabeau, E. (2007). Understanding and managing complexity risk. MIT Sloan Management

Review, 48(4), 62-68.

Boyatzis, R.E.. (2006). An overview of intentional change from a complexity perspective. The

Journal of Management Development, 25(1), 607-623.

Brockner, J. & Rubin, J.Z. (1985). Entrapment in escalating conflicts: A social psychological

analysis. New York: Springer-Verlag.

Burt, G., Wright, G., Bradfield, R., Cairns, G., & van der Heijden, K. (2006). The role of

scenario planning in exploring the environment in view of the limitations of PEST and its

derivatives. International Studies of Management and Organization, 36(3), 50-76.

33

Chermack, T.J. (2004). Improving decision-making with scenario planning. Futures, 36, 295-

309.

Child, J., & Rodrigues, S. (2008). How organizations engage with complexity- A political action

perspective. Unpublished manuscript. Retrieved February 29, 2009, from

www.egosnet.org/jart/prj3/egosnet/data/uploads/OS_2008/W-093.doc

Choo, C.W. (2005). Information failures and organizational disasters. MIT Sloan Management

Review, 46(3), 8-10.

Choo, C.W. (2008). Organizational disasters: Why they happen and how they may be prevented.

Management Decision, 46(1), 32-45.

Clarke, L., & Perrow, C. (1996). Prosaic organizational failure. The American Behavioral

Scientist, 39(8), 1040-1056.

Coomber, J.R. (2006). Natural and Large Catastrophes- Changing Risk Characteristics and

Challenges for the Insurance Industry. Geneva Papers on Risk and Insurance- Issues and

Practice, 31(1), 88-95.

Day, G.S., & Schoemaker, P. J. H. (2004). Driving through the fog: Managing at the edge. Long

Range Planning, 37(2), 127-142.

Day, G.S., & Schoemaker, P. J. H. (2006). Peripheral vision: Detecting the weak signals that

will make or break your company. Boston: Harvard Business School Press.

Dickinson, G. (2001, July). Enterprise risk management: Its origins and conceptual foundation.

The Geneva Papers on Risk and Insurance, 26(3), 360-366.

Flowers, M.L. (1977). A laboratory test of some implications of Janis‟ groupthink hypothesis.

Journal of Personality and Social Psychology, 35(12), 888-896.

34

Fox, F.V. & Staw, B.M. (1979). The trapped administrator: Effects of job insecurity and policy

resistance upon commitment to a course of action. Administrative Science Quarterly, 24,

449-471.

Fulmer, R.M. (1992). Nine management development challengers for the 1990s. The Journal of

Management Development, 11(7), 4-10.

Gerstein, M, & Ellsberg, M. (2008). Flirting with disaster: Why accidents are rarely accidental.

New York, NY: Sterling Publishing Co., Inc..

Giddens, A. (1990). The consequences of modernity. Stanford, CA: Stanford University Press.

Grobstein, P. (2007). From complexity to emergence and beyond: Towards empirical non-

foundationalism as a guide for inquiry. Soundings, 90(1/2), 301-323.

Guo, X., Vogel, D., Zhou, Z., Zhang, X., & Chen, H. (2009). Chaos theory as a lens for

interpreting blogging. Journal of Management Information Systems, 26(1), 101-127.

Haeckel, S.H. (2004). Peripheral vision: Sensing and acting on weak signals: Making meaning

out of apparent noise: The need for a new managerial framework. Long Range Planning,

37(2), 181-189.

Holbrook, E. (2010, January/February). Is the smart grid smart enough? Risk Management, 10-

12.

Janis, I.L. (1972). Victims of groupthink: A psychological study of foreign policy decisions and

fiascoes. Boston: Houghton Mifflin.

Janis, I.L. (1982). Groupthink (2nd

ed.). Boston: Houghton Mifflin.

Janis, I.L., & Mann, L. (1977). Decision making: A psychological analysis of conflict, choice,

and commitment. New York: Free Press.

35

Katz, D., & Kahn, L.R. (1978). The social psychology of organizations (2nd

ed.). New York:

Wiley and Sons.

Kuhn, K.M., & Sniezek, J.A. (1996). Confidence and uncertainty in judgmental forecasting:

Differential effects of scenario presentation. Journal of Behavioural Decision Making, 9,

231-247.

Levy, D. (1994). Chaos theory and strategy: Theory, application, and managerial implications.

Strategic Management Journal, 15, 167-178.

McCauley, C. (1998). Group dynamics in Janis‟s Theory of Groupthink: Backward and forward.

Organizational Behavior and Human Decision Processes, 73(2/3), 142-162.

O‟Brien, F.A. (2004). Scenario planning- lessons for practice from teaching and learning.

European Journal of Operational Research, 152, 709-722.

Perrow, C. (1999). Normal accidents: Living with high risk technologies. Princeton, NJ:

Princeton University Press.

Postma, T.J., & Liebl, F. (2005). How to improve scenario analysis as a strategic management

tool. Technological Forecasting & Social Change, 72, 161-173.

Richardson, K.A., Cilliers, P., & Lissack, M. (2001). Complexity science: A „gray‟ science for

the „stuff in between‟. Emergence, 3(2), 6-18.

Roberto, M. A. (2002). Lessons from Everest: The interaction of cognitive bias, psychological

safety, and system complexity. California Management Review, 45(1), 136-158.

Robins, S.R. (1998). Organizational behavior: Concepts, controversies and applications.

Upper Saddle River, NJ: Prentice Hall.

Rohrbeck, R., & Gemünden, H.G. (2008). Strategic foresight in multinational enterprises:

Building a best-practice framework from case studies. Paper presented at the R&D

36

Management Conference 2008, "Emerging Methods in R&D Management", Ottowa,

Canada. Retrieved from http://www.rene-

rohrbeck.de/documents/Rohrbeck_Gemuenden_(2008)_Strategic-Foresight-in-

Multinational-Enterprises_Paper.pdf

Schwartz, P. (1991). The art of the long view. New York: Doubleday.

Senge, P.M. (1994). The fifth discipline: The art and practice of the learning organization. New

York: Doubleday.

Smith, D. & Fischbacher, M. (2009). The changing nature of risk and risk management: The

challenge of borders, uncertainty and resilience. Risk Management: An International

Journal, 11(1), 1-12.

Staw, B.M. (1976). Knee-deep in the Big Muddy: A study of escalating commitment to a chosen

course of action. Organizational Behavior and Human Performance, 16, 27-44.

Staw, B. M. (1981). The escalation of commitment to a course of action. Academy of

Management Review, 6(4), 577-587.

Simonson, I., & Staw, B. M. (1992). Deescalation strategies: A comparison of

techniques for reducing commitment to losing courses of action. Journal of Applied

Psychology, 77(4), 419-426.

Sornette, D. (2009). Dragon-kings, black swans and the prediction of crises. Swiss Finance

Institute research paper series. Swiss Finance Institute, (09)36. Retrieved January 15,

2010, from http://www.ideas.repec.org/p.chf/rpseri/rp0936.html

Swap, W., Leonard, D., Shields, L., & Abrams, L. (2001). Using mentoring and storytelling to

transfer knowledge in the workplace. Journal of Management Information Systems,

18(1).

37

Tacke, V. (2001) BSE as an organizational construction: A case study on the globalization of

risk. British Journal of Sociology, 52(2), 293-312.

Taleb, N. N. (2007). The black swan. New York, NY: Random House.

Tegar, A. (1980). Too much invested to quit. New York: Perfamon Press.

Turner, B.A. (1994). Causes of disaster: Sloppy management. British Journal of Management,

5, 215-219.

Van der Heijden, K. (1997). Scenarios: The art of strategic conversation. New York: John

Wiley.

Yilmaz, B.S., & Gunel, O.D. (2009). Probably applications of complex networks in public

relations practices: A scenario-based approach. Prism, 6(1), 1-16. Retrieved February

12, 2010, from http://www.praxis.massey.ac/nz/prism_on-line_journ.html.

Weick, K. E. (1995). Sensemaking in organizations. Thousand Oaks, CA: SAGE Publications,

Inc.

White, D. (1995). Application of systems thinking to risk management. Management Decision,

33(10), 35-46.

Wright, G., & Goodwin, P. (2009). Decision making and planning under low levels of

predictability: Enhancing the scenario method. International Journal of Forecasting, 25,

813-825.

Wright, G., van der Heijden, K., Burt, G., Bradfield, R., & Cairns, G. (2008). Scenario planning

interventions in organizations: An analysis of the causes of success and failure. Futures,

40(3), 218-236.

38

Figure 1 - Proposed Innovative Framework

INNOVATIVE ERM FRAMEWORK

ERM

PROCESSES

ERM

STRUCTURES

RISK MANAGEMENT

PROCESSSCENARIO

PLANNING

ANTICIPATORY

MANAGEMENT

STRATEGIC

FORESIGHT

ENVIRONMENTAL

SCANNING

CORPORATE

SOCIAL

RESPONSIBILITY

CORPORATE

SOCIAL

RESPONSIBILITY

CORPORATE

SUSTAINABILITY

CORPORATE

GOVERNANCE

CORPORATE

STRATEGY

ESTABLISH

CONTEXT

ASSESS RISKS

DETERMINE & IMPLEMENT

RISK

TREATMENTS

MONITOR & REPORT ON

RESULTS

OR

GA

NIZ

AT

ION

AL

AR

CH

ITE

CT

UR

EOR

GA

NIZ

AT

ION

AL

PR

OC

ES

S

PILLAR 2 PILLAR 1 PILLAR 3